seal "transit" {
  address            = "{{ vault_transit_address }}"
  token              = "{{ vault_transit_token }}"
  disable_renewal    = {{ '"true"' if vault_transit_disable_renewal else '"false"' }}

  // Key configuration
  key_name           = "{{ vault_transit_key_name }}"
  mount_path         = "{{ vault_transit_mount_path }}"
{% if vault_transit_namespace is defined %}
  namespace          = "{{ vault_transit_namespace }}"
{% endif %}

  // TLS Configuration
{% if vault_transit_tls_skip_verify | bool %}
  tls_skip_verify    = "true"
{% else %}
  tls_ca_cert        = "{{ vault_backend_tls_certs_path }}/{{ vault_transit_tls_ca_cert_file }}"
  tls_client_cert    = "{{ vault_backend_tls_certs_path }}/{{ vault_transit_tls_client_cert_file }}"
  tls_client_key     = "{{ vault_backend_tls_private_path }}/{{ vault_transit_tls_client_key_file }}"
{% if vault_transit_tls_server_name is defined %}
  tls_server_name    = "{{ vault_transit_tls_server_name }}"
{% endif %}
{% endif %}
}
